bbr linux

Debian/Ubuntu TCP BBR modified version (does not support kernel 4.13.* or newer)

Debian 8+ / Ubuntu 14.04
Download the latest kernel (see here for the latest kernel)
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.16/linux-image-4.16.0-041600-generic_4.16.0-041600.201804012230_amd64.deb
Install the kernel
dpkg -i linux-image-4.*.deb
Remove the old kernel (optional)
dpkg -l | grep linux-image
apt-get purge <old kernel package>
Update the grub boot configuration and reboot
update-grub
reboot
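
The Debian steps above fetch the kernel .deb over plain HTTP and pass it straight to dpkg -i. As an added example (not part of the original page), this script only installs the package when its SHA-256 matches an entry in a checksum list obtained over a trusted channel; the function names and the sha256sum-style list format are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.
# Assumed list format: "<sha256-hex>  <filename>" per line (sha256sum style).
# Other lines (comments, SHA-1 entries for the same file) are ignored.

# expected_sha256 LIST NAME -> prints the 64-hex digest recorded for NAME
expected_sha256() {
    awk -v name="$2" '
        length($1) == 64 && $1 ~ /^[0-9a-f]+$/ {
            f = $2; sub(/^\*/, "", f)      # strip binary-mode marker "*file"
            if (f == name) { print $1; exit }
        }' "$1"
}

# verify_pkg FILE LIST -> 0 match, 1 mismatch, 2 no entry or unreadable input
verify_pkg() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    want=$(expected_sha256 "$2" "$(basename "$1")")
    [ -n "$want" ] || return 2
    have=$(sha256sum "$1" | awk '{print $1}')
    [ "$have" = "$want" ]
}

# install_verified FILE LIST: call dpkg only when the digest matches
install_verified() {
    if verify_pkg "$1" "$2"; then
        dpkg -i "$1"
    else
        echo "refusing to install $1: checksum not verified" >&2
        return 1
    fi
}
```

A package with no entry in the list is treated the same as a mismatch: it is not installed.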
Ubuntu 16.04
Install the Hardware Enablement Stack (HWE), which updates the kernel automatically

apt install --install-recommends linux-generic-hwe-16.04
Remove the old kernel (optional)
apt autoremove
CentOS 6
Download and switch the kernel
See here for the latest kernel
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-6-8.el6.elrepo.noarch.rpm
yum --enablerepo=elrepo-kernel install kernel-ml -y
Check that the kernel was installed successfully
rpm -qa | grep kernel
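Remove the old kernel (optional)
rpm -ev <old kernel package>
Update the grub boot configuration and reboot
sed -i 's:default=.*:default=0:g' /etc/grub.conf
reboot
If the machine does not boot, open VNC in the VPS control panel; when boot is stuck at the grub menu, just select the kernel manually.

After installation, do not forget to edit /boot/grub/menu.lst and /etc/grub.conf and delete the old kernel's boot entries from both files; this avoids the problem of being unable to reboot.

Update to the latest kernel
yum --enablerepo=elrepo-kernel update -y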
reboot
CentOS 7
Download and switch the kernel
See here for the latest kernel
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
yum --enablerepo=elrepo-kernel install kernel-ml -y
Check that the kernel was installed successfully
rpm -qa | grep kernel
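Remove the old kernel (optional)
rpm -ev <old kernel package>
Update the grub boot configuration and reboot
egrep ^menuentry /etc/grub2.cfg | cut -f 2 -d \'
grub2-set-default 0 # default 0 makes the first kernel entry the default; pick the newest kernel
reboot
Note: some providers (e.g. Digital Ocean) may first require the VPS to be configured to allow a custom kernel before the grub2 configuration takes effect.
If a "read-only file system" error appears after rebooting, run mount -o remount,rw / as root.

Update to the latest kernel
Same method as for CentOS 6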

Enable bbr
After booting, run uname -r and check that the kernel is >= 4.9

Run lsmod | grep bbr; if tcp_bbr is not in the output, first run

modprobe tcp_bbr
echo "tcp_bbr" | sudo tee --append /etc/modules-load.d/modules.conf
Run

echo "net.core.default_qdisc=fq" | sudo tee --append /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" | sudo tee --append /etc/sysctl.conf
Save and apply
sysctl -p

Run

sysctl net.ipv4.tcp_available_congestion_control
sysctl net.ipv4.tcp_congestion_control
If both results include bbr, BBR is enabled in your kernel

Run lsmod | grep bbr; seeing the tcp_bbr module means BBR is running
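
The tee --append commands above add another copy of each setting every time they are re-run and leave any older value of the same key in place. As an added example (not from the original page; all helper names are hypothetical), the functions below check the kernel release, write each sysctl key exactly once, and turn the three values this page sets into a single verdict.

```shell
#!/bin/sh
# Added example, not from the original page; helper names are hypothetical.

# kernel_ok RELEASE -> 0 when RELEASE (as printed by `uname -r`) is >= 4.9
kernel_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "${minor:-0}" -ge 9 ]; }
}

# in_list WORD "space separated list" -> 0 when WORD is a whole entry
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# set_conf FILE KEY VALUE: leave exactly one "KEY=VALUE" line in FILE.
# Re-running is a no-op, and an older setting of KEY is replaced
# instead of being left to conflict with the new one.
set_conf() {
    tmp=$(mktemp) || return 1
    [ -f "$1" ] || : > "$1"
    awk -v k="$2" -v v="$3" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, k) == 1 && substr(line, length(k) + 1) ~ /^[ \t]*=/ { next }
        { print }
        END { print k "=" v }' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# bbr_state AVAILABLE CURRENT QDISC -> prints one verdict word
bbr_state() {
    in_list bbr "$1" || { echo module-missing; return 1; }
    [ "$2" = bbr ]   || { echo not-selected;   return 1; }
    [ "$3" = fq ]    || { echo qdisc-not-fq;   return 1; }
    echo ok
}

# Live check on a Linux host:
#   bbr_state "$(sysctl -n net.ipv4.tcp_available_congestion_control)" \
#             "$(sysctl -n net.ipv4.tcp_congestion_control)" \
#             "$(sysctl -n net.core.default_qdisc)"
```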

splunk search

index=* host=* |where (NOT cidrmatch("10.0.0.0/8",dst) AND NOT cidrmatch("172.16.40.0/24",dst)) | top dst
top clientip|fields clientip count |rename clientip as "攻击源" |rename count as "攻击次数" (drops the trailing percent field; the labels mean "attack source" and "attack count")
top clientip|fields - percent |rename clientip as "攻击源" |rename count as "攻击次数" | fields
source="tutorialdata.zip:*" index="tutorialdata" host="www1" | table _time,clientip,status
source="tutorialdata.zip:*" index="tutorialdata" host="www1" | table _time,clientip,status|sort -clientip,+status
stats count(): a field can be placed inside the parentheses; mainly used to count events

stats dc(): distinct count, counts the unique values after deduplication

stats values(): lists the deduplicated values of the field in the parentheses

stats list(): lists the values of the field in the parentheses without deduplication

stats avg(): computes the average
source="tutorialdata.zip:*" index="tutorialdata" host="www1"|stats count(clientip)
index="tutorialdata" sourcetype="access_combined_wcookie" status=200 "action=purchase" |stats dc(clientip)
index="tutorialdata" sourcetype="access_combined_wcookie" |stats values(host) as "主机列表"
index="tutorialdata" sourcetype="access_combined_wcookie" status=200 "action=purchase" |stats list(host)
Return the results as tabular output suitable for building charts.
index="tutorialdata" sourcetype="access_combined_wcookie" status=200 "action=purchase" | chart count by host
index="tutorialdata" sourcetype="access_combined_wcookie" status=200 "action=purchase" | timechart count by host

index="tutorialdata" sourcetype="access_combined_wcookie" status=200 "action=purchase" | timechart span=8h count by host

index="tutorialdata" sourcetype="access_combined_wcookie" "action=purchase" status=200 clientip="87.194.216.51"|stats count dc(productId),values(productId) by clientip
(Searches successful purchases with status 200 from IP 87.194.216.51, counts the number of products purchased, lists the distinct product names, and finally displays the result by clientip)

… |where (NOT cidrmatch("10.52.0.0/24",ipfield) AND NOT cidrmatch("10.52.40.0/24",ipfield))|table ipfield

# Count 4xx and 5xx events

index="apachedata" sourcetype="access_combined_wcookie" status > 200 | stats count by status

Time trend of 4xx and 5xx events (line, area or column chart), visualized as a line chart

index="apachedata" sourcetype="access_combined_wcookie" status>200 | timechart count by status
200 means "成功" (success), anything else is "错误" (error); count the events

eval command and if function: eval evaluates an expression and stores the result in a field

if(condition, result when true, result when false)

index="apachedata" sourcetype="access_combined_wcookie" | eval success=if(status==200,"成功","错误")| timechart count by success

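Build a comparison chart of the 200, 400 and 500 event counts for each host

Label 200 as "成功" (success), 400 as "客户端错误" (client error) and 500 as "服务器错误" (server error); save it as a column chart visualization and add it to an existing dashboard

index="apachedata" sourcetype="access_combined_wcookie" | chart count(eval(status==200)) as "成功", count(eval(status>=400 AND status<500)) as "客户端错误", count(eval(status>=500)) as "服务器错误" by host

List the 5 browsers users use most, visualize as a Pie chart, and save to an existing dashboard

index=apache sourcetype="access_combined_wcookie" | top useragent limit=5
Get region, country, city and similar information from an IP address

iplocation: resolves the location of an IP address using a 3rd-party database

index="apachedata" sourcetype="access_combined_wcookie" | top 10 clientip|iplocation clientip

Comparison chart of GET and POST requests for each server, saved as a dashboard (the labels mean "GET requests" and "POST requests")

index="apachedata" sourcetype="access_combined_wcookie"|timechart count(eval(method=="GET")) as "GET请求",count(eval(method=="POST")) as "POST请求" by host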

centos7 tuned

# tuned-adm list
Available profiles:
- balanced - General non-specialized tuned profile
- desktop - Optmize for the desktop use-case
- latency-performance - Optimize for deterministic performance at the cost of increased power consumption
- network-latency - Optimize for deterministic performance at the cost of increased power consumption, focused on low latency network performance
- network-throughput - Optimize for streaming network throughput. Generally only necessary on older CPUs or 40G+ networks.
- powersave - Optimize for low power consumption
- throughput-performance - Broadly applicable tuning that provides excellent performance across a variety of common server workloads. This is the default profile for RHEL7.
- virtual-guest - Optimize for running inside a virtual guest.
- virtual-host - Optimize for running KVM guests
Current active profile: virtual-guest

# tuned-adm active
Current active profile: virtual-guest

cd /usr/lib/tuned/

total 56
drwxr-xr-x. 2 root root 4096 Jul 10 2017 balanced
drwxr-xr-x. 2 root root 4096 Jul 10 2017 desktop
-rw-r--r-- 1 root root 12532 Jun 17 2016 functions
drwxr-xr-x. 2 root root 4096 Jul 10 2017 latency-performance
drwxr-xr-x. 2 root root 4096 Jul 10 2017 network-latency
drwxr-xr-x. 2 root root 4096 Jul 10 2017 network-throughput
drwxr-xr-x. 2 root root 4096 Jul 10 2017 powersave
-rw-r--r-- 1 root root 1288 Jun 17 2016 recommend.conf
drwxr-xr-x. 2 root root 4096 Jul 10 2017 throughput-performance
drwxr-xr-x. 2 root root 4096 Jul 10 2017 virtual-guest
drwxr-xr-x. 2 root root 4096 Jul 10 2017 virtual-host

 

 

site to site vpn for cisco 2600 router

(LAN: 172.16.1.1)siteA (WAN: 10.125.1.1)             <=>          (WAN: 10.125.1.2)  siteB (LAN:192.168.1.1)

 

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip domain name lookdata.cn
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
crypto isakmp key lookdata address 10.125.1.2
!
!
crypto ipsec transform-set s2s esp-3des esp-sha-hmac
!
crypto map s2s 10 ipsec-isakmp
set peer 10.125.1.2
set transform-set s2s
match address s2s
!
!
!
!
interface FastEthernet0/0
ip address 10.125.1.1 255.255.255.0
duplex auto
speed auto
crypto map s2s
!
interface FastEthernet0/1
ip address 172.16.1.1 255.255.255.0
duplex auto
speed auto
!
!
ip route 192.168.0.0 255.255.0.0 FastEthernet0/0
!
!
no ip http server
no ip http secure-server
!
ip access-list extended s2s
permit ip 172.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end